USN-2917-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2917-1

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10

Ubuntu 14.04 LTS

Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

firefox
- Mozilla Open Source web browser

Details

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)

Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked into opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)

Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the address bar could be blank or filled with page-defined content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the address bar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)

A memory corruption issue was discovered in the NPAPI subsystem. If a user were tricked into opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974)